Evernote and LinkedIn boost security with two-factor authentication

Evernote and LinkedIn have both added an option for two-factor authentication in the past few days – days after Twitter announced its own optional two-factor security system.

Both Evernote and Twitter fell victim to high-profile data breaches in the past year, with LinkedIn suffering a breach in summer 2012. Evernote required its 50 million users to reset their passwords earlier this year after hackers gained access to details including usernames, email addresses and encrypted passwords.

“”Most internet accounts that become compromised are illegitimately accessed from a new or unknown computer (or device),” said LinkedIn in a blog post. “Two-step verification helps address this problem by requiring you to type a numeric code when logging in from an unrecognized device for the first time. This code will be sent to your phone via SMS. When enabled, two-step verification makes it more difficult for unauthorized users to access your account, requiring them to have both your password and access to your mobile phone.”

The new Evernote features were announced in a blog post. As well as two-factor authentication (using either SMS text messages or a dedicated app), the site also offers access history and a new Authorized Applications control panel, which allows users to manage which apps have access to an Evernote account.

“Two-step verification, also known as two-factor authentication, is designed to keep your account secure even if someone learns your password,” the site said in its post. “This will usually only happen when you log into Evernote Web or install it on a new device. What makes two-step verification powerful is the six-digit verification code. This code is delivered to your mobile phone via text message or, if you prefer, generated by an app that runs on your smart phone, such as Google Authenticator. We’ll also give you a set of one-time backup codes for when you’re traveling.”

The “Authorised Applications” panel allows users to revoke an app’s access to an Evernote account – a security feature designed, the site says, for moments when users “lose a phone or computer”.

“We want you to open an Evernote app and then quickly accomplish your task,” the site said in its post. “To make that possible, we rarely ask you to sign in. Now, you can revoke any version of Evernote from your Evernote Web Account Settings. Once revoked, an app will request a password the next time its launched.”